Listing of the Claims 



This listing of claims will replace all prior versions, and listings, of claims in the application: 

1. (Previously Presented) A method for an intermediary selectively coupling an external 
network and an internal network to dynamically generate filter rules to facilitate establishing 
an end to end secure session connection between a first device on the internal network and a 
second device of the external network, the method comprising: 

receiving a secure session establishment request by the second device on the external 
network to establish a secure communication session with the first device on the internal 
network; 

forwarding the secure session establishment request to the first device; 

monitoring the internal network to detect an approval or disapproval 
acknowledgement by the first device for the secure session establishment request; and 

configuring a first filter rule of the intermediary to allow communication between the 
first and second devices through the intermediary, if an approval authentication 
acknowledgement is detected; 

receiving network traffic from the second device corresponding to a previous secure 
communication session established when the second device was previously on the internal 
network; and 

responding to said network traffic with an error such that the second device attempts 
to re-establish a secure communication session from the external network. 

2. (Original) The method of claim 1, further comprising: 

determining a presence advertisement for the first device has been received before 
forwarding the secure session establishment request to the first device. 

3. (Original) The method of claim 2 wherein the presence advertisement is delivered in 
accordance with the UPnP Simple Service Discovery Protocol (SSDP). 

4. (Original) The method of claim 1, further comprising: 

receiving network traffic from the second device corresponding to the second device 
requesting a UPnP Device Description Document from the first device. 

5. (Original) The method of claim 1, further comprising: 

receiving a service request from the second device for the first device, the service 
request having an associated communication port for performing the service; 

determining the service request identifies a service advertised by the first device in a 
device description document; and 

configuring a second filter rule to allow communication between the first device and 
the second device using the associated communication port. 

6. (Original) The method of claim 1, further comprising: 

providing the second device with an indicia for use by the second device in 
establishing a communication link to the first device. 

7. (Original) The method of claim 6, wherein the indicia is a selected one of a globally 
routable Internet Protocol (IP) address, or an internal network address non-routable on the 
external network. 

8. (Original) The method of claim 1, wherein communication within the internal network is 
in accord with an IPv6 compatible Internet Protocol (IP). 

9. (Original) The method of claim 1, further comprising: 

retrieving an Access Control List (ACL) from the first device, the ACL including an 
identification of devices authorized to establish communication sessions; and 

determining based at least in part on the ACL the second device is authorized to 
establish the secure communication session with the first device before forwarding the secure 
session establishment request to the first device. 

10. (Cancelled) 

11. (Original) The method of claim 1, further comprising: 

establishing the end to end secure session connection between the first device on the 
internal network and the second device of the external network in a single end to end secure 
session connection between said first and second devices. 

12. (Previously Presented) A method for a second device communicating with a first device 
on an internal network by way of an intermediary selectively coupling an external network 
and the internal network, comprising: 

receiving, by the second device while on the internal network, a presence 
advertisement for the first device; 

storing, by the second device while on the internal network, a network address 
associated with the first device; 

determining, by the second device while on the internal network, services offered by 
the first device; and 

issuing, by the second device while on the external network, a secure communication 
initiation request to the first device via the intermediary. 

13. (Previously Presented) The method of claim 12, wherein the intermediary is configured 
to: 

forward the request to the first device; 

monitor for an approval or disapproval authentication acknowledgement to the 
request; and 

configure a filter of the intermediary to allow communication with the first device if 
an approval authentication acknowledgement is received. 

14. (Previously Presented) The method of claim 13, wherein the intermediary is further 
configured to configure the filter to block communication with the first device if a 
disapproval authentication acknowledgement is received. 

15. (Cancelled) 

16. (Previously Presented) The method of claim 12, further comprising 
requesting, by the second device while on the internal network, a description of services 
offered by the first device. 

17. (Original) The method of claim 16, wherein the description of services is requested from 
the intermediary. 

18. (Previously Presented) The method of claim 12, further comprising 
requesting, by the second device while on the external network, a description of services 
offered by the first device. 

19. (Original) The method of claim 18, wherein the description of services is requested from 
the intermediary. 

20. (Previously Presented) The method of claim 12, further comprising: 

receiving, by the second device while on the external network, an approval 
authentication acknowledgement to the request; and 

requesting responsive to the approval, by the second device while on the external 
network, a service of the first device. 

21. (Original) The method of claim 12, wherein the network address associated with the first 
device is a globally unique network address having an address portion identifying the 
intermediary. 

22. (Previously Presented) The method of claim 12, wherein the second device is a traveling 
control point. 
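Claims 1 to 11 describe the exchange from the intermediary's side and claims 12 to 22 describe the same exchange from the second device's side: a control point discovers a device and stores its address while on the internal network, later issues a secure session initiation request from the external network, and the intermediary forwards the request, watches for the device's approval or disapproval acknowledgement, opens a filter rule only on approval, opens a second port-specific rule only for a service the device actually advertised, and answers traffic belonging to a session set up while the control point was still internal with an error so that the control point re-establishes from outside. The following Python model is an added illustration for this listing; it is not code from the application and does not implement UPnP, SSDP or the Set Session Key request. The device names, addresses, ports, the status strings, and the placeholder session key and location fields are invented for the example.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Set, Tuple

@dataclass
class Device:
    """First device on the internal network; services stands in for its description document."""
    addr: str
    services: Dict[str, int]         # advertised service -> port (claim 5)
    acl: Set[str]                    # control points allowed to open sessions (claim 9)
    approves_sessions: bool = True   # acknowledgement it gives to a session request

class Intermediary:
    """Gateway of claims 1, 2, 5 and 9: forwards session requests, observes the
    device's acknowledgement and derives filter rules from it. Illustrative only."""
    def __init__(self) -> None:
        self.presence: Dict[str, Device] = {}                    # addr -> device (claim 2)
        self.rules: Set[Tuple[str, str, Optional[int]]] = set()  # (client, addr, port); None = session
        self.sessions: Dict[Tuple[str, str], Tuple[str, str]] = {}  # (client, addr) -> (key, location at setup)

    def presence_advertisement(self, dev: Device) -> None:
        self.presence[dev.addr] = dev

    def session_request(self, client: str, dst: str, loc: str) -> Tuple[str, Optional[str]]:
        dev = self.presence.get(dst)
        if dev is None:                  # claim 2: no presence advertisement seen, do not forward
            return "unknown-device", None
        if client not in dev.acl:        # claim 9: ACL check before forwarding
            return "acl-denied", None
        if not dev.approves_sessions:    # disapproval acknowledgement: no rule is created
            return "disapproved", None
        key = f"k-{client}-{dst}-{loc}"  # placeholder for the negotiated session key (invented)
        self.sessions[(client, dst)] = (key, loc)
        self.rules.add((client, dst, None))   # first filter rule (claim 1)
        return "approved", key

    def session_traffic(self, client: str, dst: str, key: Optional[str], loc: str) -> str:
        sess = self.sessions.get((client, dst))
        if sess is None or sess[0] != key:
            return "dropped"
        if loc == "external" and sess[1] == "internal":
            # claim 1, last two steps: session dates from when the client was internal, so drop it and answer with an error
            del self.sessions[(client, dst)]
            self.rules.discard((client, dst, None))
            return "error:reestablish"
        return "ok" if (client, dst, None) in self.rules else "dropped"

    def service_request(self, client: str, dst: str, service: str, port: int) -> str:
        dev = self.presence.get(dst)
        if dev is None or (client, dst) not in self.sessions:
            return "dropped"
        if dev.services.get(service) != port:  # claim 5: must match the advertised service and port
            return "not-advertised"
        self.rules.add((client, dst, port))      # second filter rule, limited to that port
        return "allowed"

class TravelingControlPoint:
    """Second device of claims 12, 20 and 22: discovers the device while internal,
    keeps its address and services, then reconnects via the intermediary from outside."""
    def __init__(self, name: str, gw: Intermediary) -> None:
        self.name, self.gw, self.location = name, gw, "internal"
        self.known: Dict[str, Dict[str, int]] = {}   # addr -> services learned while internal
        self.target, self.key = "", None

    def discover(self, dev: Device) -> None:
        self.known[dev.addr] = dict(dev.services)
        self.target = dev.addr

    def open_session(self) -> str:
        status, self.key = self.gw.session_request(self.name, self.target, self.location)
        return status

    def send(self) -> str:
        status = self.gw.session_traffic(self.name, self.target, self.key, self.location)
        if status == "error:reestablish":          # the error drives a fresh request from outside
            return "reestablished" if self.open_session() == "approved" else "rejected"
        return status

def run_scenario() -> Dict[str, object]:
    """Constructed walk-through; names, addresses and ports are invented for the example."""
    gw = Intermediary()
    tv = Device(addr="fd00::10", services={"AVTransport": 49152}, acl={"phone"})
    cam = Device(addr="fd00::20", services={}, acl={"phone"}, approves_sessions=False)
    for dev in (tv, cam):
        gw.presence_advertisement(dev)
    phone = TravelingControlPoint("phone", gw)
    phone.discover(tv)                                # while on the internal network
    out: Dict[str, object] = {"internal_open": phone.open_session()}   # "approved"
    phone.location = "external"                       # the phone leaves the home network
    out["stale_traffic"] = phone.send()               # "reestablished": error, then a new request
    out["fresh_traffic"] = phone.send()               # "ok"
    out["service_ok"] = gw.service_request("phone", tv.addr, "AVTransport", 49152)      # "allowed"
    out["service_bad_port"] = gw.service_request("phone", tv.addr, "AVTransport", 2222)  # "not-advertised"
    out["port_permitted"] = ("phone", tv.addr, 49152) in gw.rules                        # True
    out["stranger"] = gw.session_request("laptop", tv.addr, "external")[0]              # "acl-denied"
    out["disapproved"] = gw.session_request("phone", cam.addr, "external")[0]           # "disapproved"
    return out
```

The point the model makes visible is that the intermediary never holds a standing rule for the second device: a session rule exists only between an observed approval and the next disapproval, stale-session error or filter reset, and a port rule exists only for a service and port pair the device itself advertised, so a control point cannot widen its own access by naming an arbitrary port.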

23. (Original) A system of devices communicatively coupled with an internal network and an 
external network via a gateway, comprising: 

a first device, communicatively coupled to the internal network, offering services; 

a second device selectively coupled with the internal and external networks, the 
second device seeking a service of the first device, wherein when requesting the service, said 
requesting includes sending a secure communication initiation request to the first device to 
facilitate establishing a secure communication session with the first device; and 

an intermediary selectively communicatively coupling the first and second devices, 
wherein the intermediary is configured to receive a secure communication initiation request 
from the second device over the external network and forward the request to the first device. 

24. (Original) The system of claim 23, wherein the intermediary is further configured to 
monitor the first device for an approval or disapproval authentication acknowledgement for 
the request, and to configure a filter of the intermediary controlling communication over the 
first network from the first device based at least in part on a monitored authentication 
acknowledgement. 

25. (Original) The system of claim 23, wherein the first device communicates with the 
second device in accord with the UPnP Security Protocol. 

26. (Original) The system of claim 23, wherein the secure communication initiation request 
corresponds to a UPnP Set Session Key (SSK) request. 

27. (Previously Presented) An article of manufacture comprising 

a storage medium; and 

a plurality of programming instructions stored on the storage medium and configured 
to enable a machine as an intermediary selectively coupling an external network and an 
internal network to dynamically generate filter rules to facilitate establishing an end to end 
secure session connection between a first device on the internal network and a second device 
of the external network to 

receive a secure session establishment request by a second device on the external 
network to establish a secure communication session with a first device on the internal 
network; 

forward the secure session establishment request to the first device; 

monitor the internal network to detect an approval or disapproval acknowledgement 
by the first device for the secure session establishment request; and 

configure a first filter rule of the intermediary to allow communication between the 
first and second devices through the intermediary, if an approval authentication 
acknowledgement is detected; 

receive network traffic from the second device corresponding to a previous secure 
communication session established when the second device was previously on the internal 
network; and 

respond to said network traffic with an error such that the second device attempts to 
re-establish a secure communication session from the external network. 

28. (Previously Presented) The article of manufacture of claim 27, wherein the programming 
instructions are further configured to enable the machine to determine a presence 
advertisement for the first device has been received before forwarding the secure session 
establishment request to the first device. 

29. (Previously Presented) The article of manufacture of claim 27, wherein the programming 
instructions are further configured to enable the machine to receive a service request from the 
second device for the first device, the service request having an associated communication 
port for performing the service; 

determine the service request identifies a service advertised by the first device in a 
device description document; and 

configure a second filter rule to allow communication between the first device and the 
second device using the associated communication port. 

30. (Previously Presented) The article of manufacture of claim 27, wherein the programming 
instructions are further configured to enable the machine to provide the second device with 
an indicia for use by the second device in establishing a communication link to the first 
device. 

31. (Previously Presented) The article of manufacture of claim 27, wherein the programming 
instructions are further configured to enable the machine to 

retrieve an Access Control List (ACL) from the first device, the ACL including an 
identification of devices authorized to establish communication sessions; and 

determine based at least in part on the ACL the second device is authorized to 
establish the secure communication session with the first device before forwarding the secure 
session establishment request to the first device. 

32. (Previously Presented) An article of manufacture comprising 

a storage medium; and 

a plurality of programming instructions stored on the storage medium and configured 
to program a second device communicating with a first device on an internal network by way 
of an intermediary selectively coupling an external network and the internal network to 

receive, by the second device while on the internal network, a presence advertisement 
for the first device; 

store, by the second device while on the internal network, a network address 
associated with the first device; 

determine, by the second device while on the internal network, services offered by the 
first device; and 

issue, by the second device while on the external network, a secure communication 
initiation request to the first device via the intermediary. 

33. (Cancelled) 

34. (Previously Presented) The article of claim 32, wherein the programming instructions are 
further configured to enable the machine as the second device to request, by the second 
device while on the internal network, a description of services offered by the first device. 

35. (Previously Presented) The article of claim 32, wherein the programming instructions are 
further configured to enable the machine as the second device to request, by the second 
device while on the external network, a description of services offered by the first device. 

36.-37. (Cancelled) 